Data Processing Addendum
Last updated: March 13, 2026
This Data Processing Addendum ("DPA") forms part of the PocketNOC Terms of Service between WeaveHub Technologies LLC ("PocketNOC", "we", "us") and the customer organization ("Customer", "you") and applies where PocketNOC processes Personal Data on behalf of Customer subject to applicable data protection laws, including the EU General Data Protection Regulation (GDPR) and UK GDPR.
1. Roles of the Parties
Customer acts as the Data Controller. PocketNOC acts as the Data Processor. PocketNOC processes Personal Data only on documented instructions from Customer, including as set forth in the Terms of Service and this DPA.
2. Description of Processing
2a. Subject Matter
Processing of licensing, device registration, and infrastructure monitoring identifiers for the purpose of delivering the PocketNOC service.
2b. Duration
For the term of the applicable subscription (including license key validity period) and any retention period specified herein.
2c. Nature and Purpose
License key validation, device registration, subscription management, push notification delivery, and anonymous usage analytics to operate and improve the PocketNOC mobile application and licensing infrastructure.
2d. Categories of Data Subjects
IT administrators, network engineers, and other end users of Customer who use PocketNOC to monitor SolarWinds Orion infrastructure.
2e. Categories of Personal Data
Depending on Customer configuration and usage, Personal Data processed may include:
- Device identifiers (iOS Vendor ID, Android ID)
- Email addresses (associated with license keys)
- License keys and activation status
- Stripe customer and subscription identifiers
- Push notification tokens (APNs, FCM)
- Anonymous usage analytics (app opens, screen views, feature usage via Firebase Analytics)
- SolarWinds monitoring data in transit (node names, IP addresses, alert text that may contain hostnames or usernames)
PocketNOC does not determine the content of SolarWinds monitoring data. Monitoring data transits through the customer's device and is not stored on PocketNOC servers. SolarWinds credentials (username/password) are stored exclusively on the customer's device in platform-native secure storage (iOS Keychain / Android EncryptedSharedPreferences) and are never transmitted to PocketNOC infrastructure.
3. Customer Responsibilities
Customer represents and warrants that:
- It has a valid legal basis for processing and transmitting Personal Data to PocketNOC
- It has provided any required notices to data subjects (e.g., employees using PocketNOC)
- It is authorized to connect to the SolarWinds Orion instance(s) configured in the App
- It controls which SolarWinds credentials and data are used with the Service
4. PocketNOC Obligations
PocketNOC shall:
- Process Personal Data solely for service delivery (license validation, push notifications, analytics)
- Not access, store, or retain SolarWinds monitoring data or credentials on PocketNOC servers
- Retain licensing data (email, device ID, Stripe ID, license key) only as necessary to operate the licensing service and as described in the Privacy Policy
- Ensure personnel with access to Personal Data are subject to confidentiality obligations
- Implement appropriate technical and organizational security measures
5. Security Measures
PocketNOC implements the following technical and organizational measures:
- TLS encryption for all data in transit
- Cloudflare Workers with isolated execution environments for licensing infrastructure
- Cloudflare D1 database with encryption at rest for licensing data
- Platform-native secure storage for on-device credentials (iOS Keychain with
kSecAttrAccessibleWhenUnlockedThisDeviceOnly, Android EncryptedSharedPreferences) - Rate limiting and abuse prevention on licensing endpoints
- No server-side storage of SolarWinds credentials
6. Subprocessors
Customer authorizes PocketNOC to engage the following subprocessors:
- Cloudflare, Inc. — Hosting, Workers runtime, D1 database (licensing infrastructure), email delivery
- Apple Inc. — Apple Push Notification service (APNs), App Store distribution
- Google LLC — Firebase Cloud Messaging (FCM), Firebase Analytics, Google Play distribution
- Stripe, Inc. — Payment processing for license key purchases
PocketNOC shall impose data protection obligations on subprocessors consistent with this DPA. PocketNOC will notify Customer of any new subprocessors by updating this page.
7. Data Subject Rights
PocketNOC shall reasonably assist Customer in responding to data subject requests (access, rectification, erasure, portability, restriction, objection), taking into account the nature of processing and information available.
8. Personal Data Breach
PocketNOC shall notify Customer without undue delay (and in any event within 72 hours) upon becoming aware of a Personal Data Breach affecting Personal Data processed under this DPA. Notification shall include the nature of the breach, categories of data affected, and measures taken or proposed.
9. International Transfers
PocketNOC is based in the United States. Where Personal Data originating from the EEA, UK, or Switzerland is processed, PocketNOC relies on the EU Commission's Standard Contractual Clauses (SCCs, June 2021 version) for controller-to-processor transfers, supplemented by the UK International Data Transfer Addendum where applicable. Copies of executed SCCs are available upon request.
10. Data Retention and Deletion
Upon termination of the Service or upon verified Customer request, PocketNOC shall delete Personal Data associated with the Customer's license keys and devices from the licensing database, except where retention is required by applicable law or for legitimate business purposes (e.g., financial records for tax compliance).
11. Audits
PocketNOC shall make available reasonable information necessary to demonstrate compliance with this DPA, subject to confidentiality and security constraints. Audit requests should be submitted via the contact form.
12. Contact
For questions about this DPA, contact us.